Reputation: 3343
How to get all users from an authorization server using OIDC in spring?
I've got a spring-boot app that authenticates with OIDC (oauth2) and I'm trying to get a list of all the users from the authorization server - how should I implement this using spring?
Upvotes: 0
Views: 1928
Answers (2)
Reputation: 7772
Spring Security OAuth2 doesn't have an API for expressing a user repository. It does have a UserDetailsService interface, but you'll note that it only has the loadUserByUsername method.
If you are building an OAuth 2 authorization server, you could take a look at Spring Data and Spring MVC to expose a query endpoint (using Spring Security to secure that endpoint).
If you are building an OAuth 2 resource server or client that is talking to a third-party authorization server, you could take a look at RestTemplate or WebClient to formulate whatever proprietary query your authorization server wants since like @Ronald said, there is no OAuth 2.0 standard for querying users.
Upvotes: 1
Reputation: 26
When a user signs in into his identity provider his personal information can be accessed by the claims the identity token contains. Or by approaching the userinfo endpoint.
There is no endpoint which returns all the users from the authorization server according to the OIDC standard.
Upvotes: 0
Related Questions
- Fetch user information in Resource Server
- Spring OAuth2 OIDC - Getting user info and AD Group Information for Authorization
- Spring OAuth (OAuth2): How can I get the client credentials in a Spring MVC controller?
- Spring OAuth2 resource server load synchronized user from database
- Spring Security and OpenID Connect (OIDC)
- Getting Principal from DB by Spring Boot OAuth2 login
- How can I authenticate users using google OIDC with Spring Security 5.1+
- Spring Oauth2 : How to get all clientIds?
- How to get list of all Auth0 users
- How to get authenticated user in spring-security-oauth